The number of IoT devices in the digital world is growing at a rapid pace. These devices vary in protocol, operating system, firmware, and communication methods. One of the most common communication protocols is RFID, or Radio Frequency Identification, which is used in access cards and badges as well as asset tracking. For a hacker/pentester, it is crucial to test RFID for vulnerabilities, because RFID access cards/badges are the gatekeepers of physical access.
Concept of RFID
RFID (Radio Frequency Identification) is a technology that uses radio waves to identify and track objects, animals, or people. It involves the use of small devices called RFID tags, which can be attached to or embedded in items. These tags contain a microchip that stores information about the item and an antenna that communicates with RFID readers.
Components of RFID Technology
RFID Tag:
Active Tags: Equipped with their own power source, they can transmit signals over longer distances, typically up to 100 meters.
Passive Tags: These do not have their own power source and rely on the electromagnetic field generated by the RFID reader to power the chip and transmit information. Their range is usually much shorter, up to a few meters.
Semi-passive Tags: These have a battery to power the microchip but rely on the reader’s signal to communicate, making them an intermediate option between active and passive tags.
RFID Reader: A device that emits radio waves and receives signals from RFID tags. It can read multiple tags simultaneously and does not require a direct line of sight, unlike barcode scanners.
Antenna: Part of both the tag and the reader. In the tag, the antenna receives the signal from the reader and powers the chip (in passive tags), while in the reader, it sends and receives signals.
How RFID Works:
The RFID reader sends out a radio frequency signal. When an RFID tag comes into the range of the reader, it is activated (if passive) or simply transmits its stored data (if active). The reader receives the data transmitted by the tag and processes it for further use, such as tracking inventory, verifying identity, or managing assets.
Applications of RFID:
Inventory Management: Automating the tracking of products in warehouses and retail stores.
Access Control: Managing entry to secure areas using RFID-enabled ID cards.
Supply Chain Management: Tracking goods as they move through the supply chain.
Animal Tracking: Identifying and tracking livestock or pets using an RFID chip embedded under their skin.
Contactless Payments: Enabling payment systems like contactless credit/debit cards, which is advantageous for people who do not always carry cash for certain services.
Advantages of RFID:
Speed: RFID can scan multiple items at once and does not require a direct line of sight.
Durability: RFID tags can be embedded in various materials and are generally more durable than barcodes.
Security: Data on tags can be encrypted, making them more secure than traditional barcodes.
Challenges of RFID:
Cost: RFID systems can be more expensive to implement than traditional barcode systems.
Interference: Metal and liquids can interfere with RFID signals, affecting the card’s performance.
Privacy: Since RFID tags can be read without a line of sight, there are concerns about unauthorized tracking and data collection.
RFID in Access Control Systems:
RFID cards are frequently used in access control, identification, and payment systems. They come in various types, categorized by:
Frequency
Power source
Memory
Form factor
Based on Frequency:
Low Frequency (LF) Cards (125-134 kHz)
Range: Typically a few centimeters to about half a meter.
Characteristics: Slower data transfer rates and shorter reading distances, but less susceptible to interference from metal or liquids.
Common Uses: Animal tracking, access control, and some industrial applications.
Example: EM4100, HID Proximity cards.
High Frequency (HF) Cards (13.56 MHz)
Range: Usually up to about 1 meter.
Characteristics: Faster data transfer rates and moderate reading distances; can store more data than LF cards.
Common Uses: Contactless payment cards, access control, library systems, and public transport cards.
Example: MIFARE, iCLASS, NFC cards.
Ultra-High Frequency (UHF) Cards (860-960 MHz)
Range: Typically up to 12 meters, depending on the environment and reader.
Characteristics: Longer reading distances and faster data transfer rates; more susceptible to interference from metal and liquids.
Common Uses: Supply chain management, inventory tracking, and toll collection systems.
Example: EPC Gen 2, UHF Gen 2 cards.
Based on Power Source:
Passive RFID Cards
Power Source: No internal battery; powered by the electromagnetic field generated by the RFID reader.
Range: Shorter, typically a few centimeters to a few meters.
Cost: Less expensive and more commonly used.
Common Uses: Access control, contactless payment, and transportation cards.
Active RFID Cards
Power Source: Contains an internal battery that powers the card’s microchip and antenna.
Range: Longer, typically up to 100 meters.
Cost: More expensive than passive cards.
Common Uses: Asset tracking, toll collection, and vehicle identification.
Semi-Passive RFID Cards
Power Source: Contains a battery to power the chip but relies on the reader’s electromagnetic field to transmit data.
Range: Intermediate between passive and active RFID cards.
Common Uses: Specialized applications that need a longer range while keeping the lower cost of passive systems.
Based on Memory and Functionality
Read-Only RFID
Memory: Pre-programmed with a unique identifier or data that cannot be altered after manufacture.
Common Uses: Basic access control and identification where no data changes are needed.
Read-Write RFID
Memory: Allows data to be written and rewritten multiple times.
Common Uses: Applications requiring updates or changes to the stored data, such as in library systems or transportation cards.
Cryptographic (Secure) RFID
Memory: Enhanced with encryption capabilities for secure data transmission.
Common Uses: High-security environments such as government IDs, banking, and secure access control systems.
Example: MIFARE DESFire, HID iCLASS SE.
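The difference between a read-only and a cryptographic card, seen from the reader's side, as an added example that is not part of the original article. The HMAC challenge-response is a simplified stand-in and not the actual MIFARE DESFire or HID iCLASS SE protocol; the class names, 4-byte UIDs and key are constructed for illustration.

```python
import hashlib
import hmac
import secrets

class ReadOnlyCard:
    """Read-only card: returns the same pre-programmed identifier every time."""
    def __init__(self, uid: bytes):
        self.uid = uid

    def respond(self, challenge: bytes) -> bytes:
        return self.uid  # the reader's challenge plays no part in the answer

class CryptoCard:
    """Cryptographic card: proves it holds a secret key for each new challenge."""
    def __init__(self, uid: bytes, key: bytes):
        self.uid, self._key = uid, key

    def respond(self, challenge: bytes) -> bytes:
        mac = hmac.new(self._key, self.uid + challenge, hashlib.sha256).digest()
        return self.uid + mac

class Reader:
    """Access-control reader; UIDs are 4 bytes in this constructed example."""
    def __init__(self, allowed_uids, keys=None):
        self.allowed = set(allowed_uids)
        self.keys = dict(keys or {})  # uid -> key, cryptographic cards only

    def verify(self, challenge: bytes, response: bytes) -> bool:
        uid, proof = response[:4], response[4:]
        if uid not in self.allowed:
            return False
        key = self.keys.get(uid)
        if key is None:  # read-only card: the identifier is the whole credential
            return proof == b""
        expected = hmac.new(key, uid + challenge, hashlib.sha256).digest()
        return hmac.compare_digest(proof, expected)

def transcript_verifies_later(reader: Reader, card) -> bool:
    """Record one accepted session, then check the same bytes against a new challenge."""
    first = secrets.token_bytes(16)
    recorded = card.respond(first)
    assert reader.verify(first, recorded)  # the genuine session is accepted
    return reader.verify(secrets.token_bytes(16), recorded)

# Constructed sample cards and reader configuration.
KEY = bytes(range(16))
fob = ReadOnlyCard(b"\x01\x02\x03\x04")
badge = CryptoCard(b"\x0a\x0b\x0c\x0d", KEY)
reader = Reader({fob.uid, badge.uid}, {badge.uid: KEY})
```

For the read-only card the recorded bytes verify in any later session, because the identifier is the only thing checked; for the cryptographic card they do not, because each session depends on a fresh challenge and the card's key.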
Based on Form Factor:
Standard Cards: Typically credit card-sized, used for access control or identification.
Key Fobs: Smaller, portable, often used for access control in places like offices and parking garages.
Wearables: RFID embedded in clothing, commonly used in events, amusement parks, and conferences.
Each type of RFID card is designed to suit specific applications, with varying levels of security, range, and cost depending on the technology used.
Author: Jordan Rodgers, Lead Technologist at Black Hat